General

  • Target: SaladBootstrapper.zip
  • Size: 136KB
  • Sample: 241109-yt5gja1emf
  • MD5: a1f1948b73910bd4fb67f4b248eec76d
  • SHA1: bd45896dfc1956bf2f2f309e35ffce4447ba74d7
  • SHA256: 524e4732766ac23f7b8f4f8aab9d03b3c0ebf2c82f2a62768e3e6c5c0a047350
  • SHA512: 78ad0cb4b11a4ffb167eef93778b83de97d4700dc65224ab19a8001429d57678a10643d20daed2d59b47e9aa07c289928112bab6902ecb18dd025f7bc568e59e
  • SSDEEP: 3072:vHJ/sTkLaTH9HUyFhG4GCwyNFikPLGKOYNYG/fnGncvGP+xydA8QEXsLlbeALDYG:lsTiaTHTGFfyNIeKSh/fvGVlX0DYve

Malware Config

Targets

    • Target: BSVERSION.txt
    • Size: 3B
    • MD5: a894124cc6d5c5c71afe060d5dde0762
    • SHA1: 1469842b4307d36cccb487dc989f21016daadbcc
    • SHA256: 8139b33952401b3ee0e2ca84651cb9a1d7f66d442bf908f9cf1f53ea746e5801
    • SHA512: 7cbe7ca7a78342f88d8a3d83ab6dea5ce79587ae12451e5baffdfbe344d7b9ab0b7e4aaadd3abd0af2ea3da805cd0649e89baff33586e1ad248022c52f0f1594

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks